MDKSA-2002:028

Problembeschreibung

A problem was discovered by fc, with further research by Global
InterSec, in the sudo program with the password prompt parameter
(-p). Sudo can be tricked into allocating less memory than it should
for the prompt and in certain conditions it is possible to exploit this
flaw to corrupt the heap in such a way that could be used to execute
arbitary commands. Because sudo is generally suid root, this can lead
to an elevation of privilege for local users.